Security Group Bypass Vulnerability in OpenStack Compute by OpenStack
CVE-2012-2654

Currently unrated

Key Information:

Vendor: OpenStack
CVE Published: 21 June 2012

Summary

The EC2 and OS APIs in OpenStack Compute (Nova) versions Folsom, Essex, and Diablo do not properly validate the network protocol during the creation of security groups. This oversight allows remote attackers to bypass access restrictions if the protocol is not entirely specified in lowercase, potentially exposing sensitive resources and leading to unauthorized access.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
